National Intelligence Committee Hearing Report – ICD Brief 36.

ICD Brief 36.

28.03.2017. –03.04.2017.

This week’s Brief includes significant updates from the USA, Australia, China, Germany, India, Israel, NATO, and the UK.

We lead with video and print reports from two open hearings of the Senate Select Committee on Intelligence on Russian Influence and Disinformation. No movie could have improved on the setting; Chairman Richard Burr(R-NC), Vice Chairman Mark Warner(D-VA) and their committee members heard and engaged six expert witnesses* detail the history, context, tactics and strategy of attacks and vulnerabilities in more than 6 hours of testimony.

FEATURE

The Senate Intelligence Committee held a rare public hearing on Thursday, a first look at its investigation into Russian interference in the 2016 election.
The hearing, broken up into several sessions, began Thursday morning with a panel of academics brought in to explain Russia’s history of trying to influence politics in other countries. Sen. Richard Burr (R-N.C.), the committee chairman, and Sen. Mark R. Warner (D-Va.), the vice chairman, made it clear that they want to be thorough, starting with an understanding of how Russia interferes in other countries’ affairs and why.

On Thursday afternoon, the committee brought in a panel of cybersecurity experts, including Gen. Keith Alexander, who was head of the National Security Agency from 2005 to 2014. The experts are expected to discuss the techniques Russia uses to influence other countries and their politics over the Internet.

Sen. Marco Rubio’s campaign was the target of hacks – as recently as yesterday.

The Senate Intelligence Committee wants to avoid the partisanship we have seen from the House Intelligence Committee.

The Senate Intelligence Committee held its first public hearing on Russia’s election season meddling, where both committee leaders made clear they wanted to avoid the partisanship that’s plagued their House counterparts’ investigation. They focused on issues from the very real threats of fake news stories, to rules for engagement in a cyber war.

“When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by U.S. companies, security engineers at Cisco Systems (CSCO.O) swung into action.
The Wikileaks documents described how the Central Intelligence Agency had learned more than a year ago how to exploit flaws in Cisco’s widely used Internet switches, which direct electronic traffic, to enable eavesdropping.”

“For the federal government to better secure its information systems and support cybersecurity in the private sector, departments and agencies will need to dramatically improve the way they collect, analyze and share information about emerging threats, current and former government officials are cautioning. At a government IT conference convened by Akamai, a content delivery and cloud service provider, officials stressed the importance of casting a wide net for gathering information about cyberthreats, calling for the advancement of new standards and protocols to automate information sharing across the public and private sectors.”

“Lawmakers are taking a second stab at legislation that would reorganize the Department of Homeland Security’s cybersecurity efforts with the goal of bolstering its cyber operations in the face of evolving threats. A House panel with oversight of DHS is getting ready to again consider legislation that would consolidate the department’s cyber efforts under one operational agency.”

“It’s not surprising NASA has a lot of technology to protect — it is, after all, the agency that put men on the moon. But the space agency is now taking steps to enhance its cybersecurity, in part by embracing a key Department of Homeland Security program and also by coordinating its own efforts internally.”

AUSTRALIA

“Austrade is reviewing the lessons learned to date after successful trade missions to India and the United States that laid the groundwork for Australian cybersecurity innovators to build bridges for facilitating international growth.”

“Aligning cyber security plans to business challenges was a hot topic at the recent ACSC (Australian Cyber Security Centre) conference in Canberra. Recently I joined our regional Australian team to help increase Carbon Black’s involvement and impact on the Australian (and greater) cyber security market. The ACSC and its conference stand front and centre in the changing cyber security mandates in Australia and surrounding regions.”

GERMANY

“Future cyber attacks are to be fended off by the new “Cyber and Information Space Command” (CIR), which will become operational on April 1. The command will have its own independent organizational structure, thus becoming the sixth branch of the German military – on a par with the army, navy, air force, joint medical service and joint support service. Although other countries, such as the USA, set up cyber commands long ago, the Bundeswehr now sees itself “at the international forefront.”

INDIA

“Prime Minister Modi has embarked on a series of transformative initiatives including Aadhar, De-monetization and Digital India to hasten India’s transition from an analog to a digital economy. This is a laudable goal and if executed properly could really jumpstart India’s economic growth and create crores of new jobs. However, these goals are not achievable unless India dramatically improves its cyber security infrastructure”

“BENGALURU: Over 10,000 students. 1,266 teams. 36 hours. On Saturday, the hacks of India got to work, hunching over to stitch codes for digital solutions for the government, at the grand finale of Smart India Hackathon 2017.”

NATO

“As security threats move online, the NATO Communications and Information Agency wants to strengthen network capabilities. To that end, the alliance plans to invest around €3 billion in satellite bandwidth and stronger cybersecurity, a NATO official confirmed today. The contracts for the expansion will be presented in Ottawa, Canada’s capital, at an April defense conference.”

UK

“Britain’s airports and nuclear power stations have been told to tighten their defences against terrorist attacks in the face of increased threats to electronic security systems.
Security services have issued a series of alerts in the past 24 hours, warning that terrorists may have developed ways of bypassing safety checks.”

“The first group of companies has completed a government-led cyber accelerator programme aimed at helping UK startups take the lead in producing the next generation of cyber security systems, with another round to be announced in 2017”

“In the face of increasing data protection regulations and cyber security threats, red team testing is an essential tool to find out just how susceptible organisations are to cyber attack. This is the view of risk management and red teaming expert Justin Clarke-Salt, managing director and co-founder of Gotham Digital Science, a Stroz Friedberg company.”

“As part of the British Retail Consortium’s (BRC) campaign to tackle the threat of cybercrime on the UK retail industry, students are being called upon to offer ideas.
A contest hosted by the BRC has invited students from any higher education establishment to propose ideas on how the government, law enforcement and retail industry can work together to fight digital threats.”

“The latest CBI/PwC financial services quarterly survey highlighted a number of measures being implemented by firms to tackle cyber crime. The survey, of 98 firms, charted the views of firms during the three months to March 2017. According to the newly published survey results, 84% of financial services firms expect to invest in “preventative technology and IT systems” during the next year, and 83% expect to engage in “penetration testing”. A further 82% of firms said they would test incident response plans they have in place for reacting to cyber incidents when they occur.”